AWS CDK Workshop
AWS CDK λ§λ³΄κΈ°!!
Before getting started
Workshopμ μμνκΈ° μ μ AWS CDKκ° λμ§ κ°λ¨ν μμλ΄ μλΉ
AWS CDKλ?
AWS CDK (Cloud Development Kit)λ νλμ νλ‘κ·Έλλ° μΈμ΄λ₯Ό μ¬μ©νμ¬ Cloud Infraλ₯Ό codeλ‘ μ μνκ³ ,
AWS CloudFormationμ ν΅ν΄ λ°°ν¬νλ opensource software κ°λ° νλ μμν¬
AWS CDK CLIλ‘ λ¬΄μμ ν μ μμκΉ?
: AWS CDK CLIλ₯Ό μ¬μ©νμ¬ CDK applicationκ³Ό μνΈ μμ©ν μ μλ€
CDK CLIλ₯Ό μ¬μ©νλ©΄
CDK μ±μ μ μλ stackμ λμ΄νκ³ ,
Stackμ
CloudFormationν νλ¦Ώμ ν©μ±νκ³ ,μ€νμ€μΈ stack instanceμ CDK codeμ μ μλ stack κ°μ CDK code μ μ μλ stack κ°μ μ°¨μ΄μ μ νμΈνκ³ ,
μνλ Public AWS Region μ stackμ λ°°ν¬ ν μ μλ€
AWS CDKλ μ΄λ»κ² μλν κΉ?
AWS CDK νλ μμν¬λ₯Ό μ¬μ©νμ¬ AWS CDK νλ‘μ νΈλ₯Ό μμ±ν μ μμΌλ©°, μ΄ νλ‘μ νΈκ° μ€νλμ΄
CloudFormationν νλ¦Ώμ μμ±νκ² λλ€.AWS CDK νλ‘μ νΈλ AWS CDK CLI λ CD systemμμ μ€νλ μ μλ€
0. Install AWS CDK
npm i -g aws-cdk
1. CDK INIT
CDK INIT
cdk init sample-app --language typescriptTypescriptλ₯Ό μ¬μ©νλ CDK νλ‘μ νΈ μμ±νκΈ°
μ€ν κ²°κ³Ό
chloe@chloe-XPS-15-9570 ~/Workspace/aws-test/cdk-workshop
$ cdk init sample-app --language typescript
Applying project template sample-app for typescript
# Welcome to your CDK TypeScript project!
You should explore the contents of this project. It demonstrates a CDK app with an instance of a stack (`CdkWorkshopStack`)
which contains an Amazon SQS queue that is subscribed to an Amazon SNS topic.
The `cdk.json` file tells the CDK Toolkit how to execute your app.
## Useful commands
* `npm run build` compile typescript to js
* `npm run watch` watch for changes and compile
* `npm run test` perform the jest unit tests
* `cdk deploy` deploy this stack to your default AWS account/region
* `cdk diff` compare deployed stack with current state
* `cdk synth` emits the synthesized CloudFormation template
Initializing a new git repository...
Executing npm install...
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^2.1.2 (node_modules/jest-haste-map/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.3: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN cdk-workshop@0.1.0 No repository field.
npm WARN cdk-workshop@0.1.0 No license field.
β
All done!μ°Έκ³ νλ©΄ μ’μ λͺ λ Ήμ΄λ€μ΄ μΆλ ₯λ¨
Useful commands
npm run buildcompile typescript to jsnpm run watchwatch for changes and compilenpm run testperform the jest unit testscdk deploydeploy this stack to your default AWS account/regioncdk diffcompare deployed stack with current statecdk synthemits the synthesized CloudFormation template
2. npm run watch
TypesScript μ½λ μ»΄νμΌλ§
TypeScript μ½λλ JavaScriptλ‘ compile λμ΄μΌ νκΈ° λλ¬Έμ μμ€ μ½λ λ³κ²½ λΆμ νμΈνλ €λ©΄ κ³μν΄μ
.jsνμΌλ‘ complileμ ν΄μ£Όμ΄μΌ νλ€νλ‘μ νΈμλ
watchλΌλ μ΄λ¦μ npm scriptκ° μ΄λ―Έ μ€μ λμ΄ μμ΄μ, μ΄λ₯Ό μ€ννλ©΄ λ§€λ² μλμΌλ‘ complie ν΄μ€ νμ μμ΄ μλμΌλ‘ λ³κ²½λΆμ.jsνμΌλ‘ complie ν΄μ€λ€!
μ½λ λ³κ²½λΆ watch νκΈ°
νλ‘μ νΈ Directory λ‘ μ΄λ
chloe@chloe-XPS-15-9570 ~
$ cd Workspace/aws-test/cdk-workshop/
watchscript μν
npm run watchκ·Έλ¬λ©΄ ν°λ―Έλ μ°½μ λ΄μ©μ΄ μ§μμ§κ³ λ€μκ³Ό κ°μ κ²°κ³Όκ° μΆλ ₯λλ€
image-20200903225530137 μ΄ scriptλ TypeScript Compiler (
tsc) λ₯Ό watch λͺ¨λλ‘ μμν΄μ, νλ‘μ νΈ λλ ν 리λ₯Ό monitoring νμ¬.tsνμΌμ λ³κ²½λΆμ.jsνμΌλ‘ μλ complie ν΄μ€λ€!λλ μ κΈ°
3. νλ‘μ νΈ κ΅¬μ‘°
Project Directory νμ
lib/cdk-workshop-stack.tsCDK applicationμ main stackμ΄ μ μ₯λλ κ³³
bin/cdk-workshop.tsCDK applicationμ entry point
lib/cdk-workshop-stack.tsμ μ μλ stackμ load νλ€
cdk.jsontoolkitμ΄ μ΄λ»κ² appμ μ€νν΄μΌ νλμ§ μλ €μ£Όλ νμΌ
μ΄ νλ‘μ νΈμ κ²½μ° "npx ts-node bin/cdk-workshop.ts" κ° λ€μ΄κ°λ€!
Entry Point
Entry pointμΈ
bin/cdk-workshop.tsνμΌ μ΄ν΄λ³΄κΈ°
#!/usr/bin/env node
import * as cdk from '@aws-cdk/core';
import { CdkWorkshopStack } from '../lib/cdk-workshop-stack';
const app = new cdk.App();
new CdkWorkshopStack(app, 'CdkWorkshopStack');μ΄ μ½λλ
CdkWorkshopStackμ loadνκ³ initiate νλ€μ΄λ€ stackμ loadν κ²μΈμ§λ§ μ μλκ³ λλ©΄ λ μ΄μ λ³Ό μΌμ΄ μλ νμΌ
Main Stack
μ€μν λΆλΆμ΄ μ μλλ
lib/cdk-workshop-stack.tsνμΌ μ΄ν΄λ³΄κΈ°
import * as cdk from '@aws-cdk/core';
import * as sns from '@aws-cdk/aws-sns';
import * as sqs from '@aws-cdk/aws-sqs';
import * as subs from '@aws-cdk/aws-sns-subscriptions';
export class CdkWorkshopStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const queue = new sqs.Queue(this, 'CdkWorkshopQueue', {
visibilityTimeout: cdk.Duration.seconds(300)
});
const topic = new sns.Topic(this, 'CdkWorkshopTopic');
topic.addSubscription(new subs.SqsSubscription(queue));
}
}Applicationμ΄ sample CDK stack (
CdkWorkshopStack) μΌλ‘ μ΄λ£¨μ΄μ§ κ² νμΈ κ°λ₯μ΄ stackμλ μλμ μΈ κ°μ§ μλΉμ€ μμ±μ΄ ν¬ν¨λλ€
SQS Queue
new sqs.Queue
SNS Topoic
new sns.Topic
SNS Topicμμ λ°μνλ λͺ¨λ messageλ₯Ό μμ νλλ‘ Queue μ€μ
topic.addSubscription
4. CDK Synth
CDK μ±μμ CloudFormation Template μ°μΆνκΈ°
CloudFormation Template μ°μΆνκΈ°AWS CDK μ±μ codeλ₯Ό μ΄μ©ν΄μ Infraλ₯Ό ν¨κ³Όμ μΌλ‘ μ μνλλ‘ λμμ£Όλ λꡬμ΄λ€
CDK μ±μ΄ μ€μ λ‘ μ€νλ λλ
AWS CloudFormationtemplateμ stackλ§λ€ μμ±νμ¬ μ€μ λ°°ν¬λ₯Ό νλ€CDK μ±μμ templateμ μ°μΆνκΈ° μν΄μλ
cdk synthλͺ λ Ήμ΄λ₯Ό μ¬μ©ν μ μλ€CDK CLIλ
cdk.jsonνμΌμ΄ μλ directoryμμλ§ μ€νλ μ μλ μ μ μνκΈ°!
Sample appμμ μΆμΆλ template μ΄ν΄λ³΄κΈ°
chloe@chloe-XPS-15-9570 ~/Workspace/aws-test/cdk-workshop
$ cdk synth
**************************************************
*** Newer version of CDK is available [1.62.0] ***
*** Upgrade recommended ***
**************************************************
Resources:
CdkWorkshopQueue50D9D426:
Type: AWS::SQS::Queue
Properties:
VisibilityTimeout: 300
Metadata:
aws:cdk:path: CdkWorkshopStack/CdkWorkshopQueue/Resource
CdkWorkshopQueuePolicyAF2494A5:
Type: AWS::SQS::QueuePolicy
Properties:
PolicyDocument:
Statement:
- Action: sqs:SendMessage
Condition:
ArnEquals:
aws:SourceArn:
Ref: CdkWorkshopTopicD368A42F
Effect: Allow
Principal:
Service: sns.amazonaws.com
Resource:
Fn::GetAtt:
- CdkWorkshopQueue50D9D426
- Arn
Version: "2012-10-17"
Queues:
- Ref: CdkWorkshopQueue50D9D426
Metadata:
aws:cdk:path: CdkWorkshopStack/CdkWorkshopQueue/Policy/Resource
CdkWorkshopQueueCdkWorkshopStackCdkWorkshopTopicD7BE96438B5AD106:
Type: AWS::SNS::Subscription
Properties:
Protocol: sqs
TopicArn:
Ref: CdkWorkshopTopicD368A42F
Endpoint:
Fn::GetAtt:
- CdkWorkshopQueue50D9D426
- Arn
Metadata:
aws:cdk:path: CdkWorkshopStack/CdkWorkshopQueue/CdkWorkshopStackCdkWorkshopTopicD7BE9643/Resource
CdkWorkshopTopicD368A42F:
Type: AWS::SNS::Topic
Metadata:
aws:cdk:path: CdkWorkshopStack/CdkWorkshopTopic/Resource
CDKMetadata:
Type: AWS::CDK::Metadata
Properties:
Modules: aws-cdk=1.61.1,@aws-cdk/aws-cloudwatch=1.61.1,@aws-cdk/aws-iam=1.61.1,@aws-cdk/aws-kms=1.61.1,@aws-cdk/aws-sns=1.61.1,@aws-cdk/aws-sns-subscriptions=1.61.1,@aws-cdk/aws-sqs=1.61.1,@aws-cdk/cloud-assembly-schema=1.61.1,@aws-cdk/core=1.61.1,@aws-cdk/cx-api=1.61.1,@aws-cdk/region-info=1.61.1,jsii-runtime=node.js/v12.17.0
Condition: CDKMetadataAvailable
Conditions:
CDKMetadataAvailable:
Fn::Or:
- Fn::Or:
- Fn::Equals:
- Ref: AWS::Region
- ap-east-1
- Fn::Equals:
- Ref: AWS::Region
- ap-northeast-1
- Fn::Equals:
- Ref: AWS::Region
- ap-northeast-2
- Fn::Equals:
- Ref: AWS::Region
- ap-south-1
- Fn::Equals:
- Ref: AWS::Region
- ap-southeast-1
- Fn::Equals:
- Ref: AWS::Region
- ap-southeast-2
- Fn::Equals:
- Ref: AWS::Region
- ca-central-1
- Fn::Equals:
- Ref: AWS::Region
- cn-north-1
- Fn::Equals:
- Ref: AWS::Region
- cn-northwest-1
- Fn::Equals:
- Ref: AWS::Region
- eu-central-1
- Fn::Or:
- Fn::Equals:
- Ref: AWS::Region
- eu-north-1
- Fn::Equals:
- Ref: AWS::Region
- eu-west-1
- Fn::Equals:
- Ref: AWS::Region
- eu-west-2
- Fn::Equals:
- Ref: AWS::Region
- eu-west-3
- Fn::Equals:
- Ref: AWS::Region
- me-south-1
- Fn::Equals:
- Ref: AWS::Region
- sa-east-1
- Fn::Equals:
- Ref: AWS::Region
- us-east-1
- Fn::Equals:
- Ref: AWS::Region
- us-east-2
- Fn::Equals:
- Ref: AWS::Region
- us-west-1
- Fn::Equals:
- Ref: AWS::Region
- us-west-2cdk synthλͺ λ Ήμ΄λ₯Όcdk.jsonνμΌμ΄ μλ directoryμμ μ€ννλ©΄ μμ κ°μ΄ CloudFormation templateμ΄ μΆλ ₯λλ€μ΄ templateμ μλμ 4κ°μ§ μμμ μμ±νλ€
AWS::SQS::Queue
SQS ν
AWS::SNS::Topic
SNS ν ν½
AWS::SNS::Subscription
νμ ν ν½ μ¬μ΄μ subscription μ μ
AWS::SQS::QueuePolicy
ν ν½μμ νλ‘
λ©μμ§λ₯Ό λ³΄λΌ μ μλ IAM μ μ±
AWS::CDK::Metadata λ
CDK toolkitμ μν΄ λͺ¨λ stackμ μλμΌλ‘ μμ±λλ μμμ΄λ€CDK νμ΄ λ³΄μ issue νμ λ° λΆμμ νλλ°μ μ¬μ©λλ€κ³ ν¨!
5. CDK Deploy
νκ²½ Bootstrap
AWS CDK μ±μ νκ²½ (κ³μ‘/region)μ λ°°ν¬νκΈ° μν΄μλ λ¨Όμ
bootstrap stackμ μ€μΉν΄μΌ νλ€bootstrap stackμλ toolkitμ μ΄μμ μν΄ νμν μμλ€μ΄ ν¬ν¨λμ΄ μλ€
ex)
CFNteamplateμ 보κ΄νκ³ , λ°°ν¬ process λμ μμ±λλ assetλ€μ μ μ₯νλ S3 bucket
cdk bootstrapλͺ λ Ήμ΄λ₯Ό μ΄μ©ν΄μ νλμ νκ²½μ λν bootstrap stackμ μ€μΉν μ μλ€
chloe@chloe-XPS-15-9570 ~/Workspace/aws-test/cdk-workshop
$ cdk bootstrap
β³ Bootstrapping environment aws://213888382832/us-west-2...
CDKToolkit: creating CloudFormation changeset...
[ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ] (3/3)
β
Environment aws://213888382832/us-west-2 bootstrapped.
**************************************************
*** Newer version of CDK is available [1.62.0] ***
*** Upgrade recommended ***
**************************************************λ§μ½ μ¬κΈ°μμ Access Denied errorκ° λ°μνλ©΄,
AWS CLI κ° μ λλ‘ μ€μ λμ§ μμκ±°λ
μ¬μ©μ€μΈ AWS profile μ΄
cloudformation:CreateChangeSetμμ μ μνν κΆνμ΄ μλ κ²
μμ λͺ λ Ήμ΄κ° μ±κ³΅μ μΌλ‘ μνλκ³ λλ©΄ CDK μ±μ λ°°ν¬ν μ μλ€!
λ°°ν¬νκΈ°
cdk deployλͺ λ Ήμ΄λ₯Ό μ΄μ©ν΄μ CDK μ±μ λ°°ν¬νλ€
chloe@chloe-XPS-15-9570 ~/Workspace/aws-test/cdk-workshop
$ cdk deploy
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:
IAM Statement Changes
βββββ¬ββββββββββββββββββββββββββ¬βββββββββ¬ββββββββββββββββββ¬ββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββ
β β Resource β Effect β Action β Principal β Condition β
βββββΌββββββββββββββββββββββββββΌβββββββββΌββββββββββββββββββΌββββββββββββββββββββββββββΌββββββββββββββββββββββββββ€
β + β ${CdkWorkshopQueue.Arn} β Allow β sqs:SendMessage β Service:sns.amazonaws.c β "ArnEquals": { β
β β β β β om β "aws:SourceArn": "${C β
β β β β β β dkWorkshopTopic}" β
β β β β β β } β
βββββ΄ββββββββββββββββββββββββββ΄βββββββββ΄ββββββββββββββββββ΄ββββββββββββββββββββββββββ΄ββββββββββββββββββββββββββ
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Do you wish to deploy these changes (y/n)?μμ κ°μ κ²½κ³ λ λ°°ν¬νλ €λ μ±μ 보μ μ κ²μ΄ νμν νλͺ©μ΄ λλ°λλ κ²½μ° μΆλ ₯λλ€
Topicμμ Queueλ‘ messageλ₯Ό 보λ΄μ€μΌ νλ―λ‘ yλ₯Ό μ λ ₯νμ¬ stackμ λ°°ν¬νκ³ μμμ μμ±νμ!
CdkWorkshopStack: deploying...
CdkWorkshopStack: creating CloudFormation changeset...
[ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ] (6/6)
β
CdkWorkshopStack
Stack ARN:
arn:aws:cloudformation:us-west-2:213888382832:stack/CdkWorkshopStack/fa564140-f078-11ea-b665-0a050e07f862μ€ν κ²°κ³Ό μ€λͺ
us-west-2λ appμ μμ±ν region μ΄κ³ ,213888382832λ account IDμ΄κ³ ,fa564140-f078-11ea-b665-0a050e07f862λ stack ID μ΄λ€
CloudFormation Console
CDK μ±μ AWS
CloudFormationμ ν΅ν΄ λ°°ν¬λλ€CDK stackμ
CloudFormationstackκ³Ό 1:1 λ‘ λ§€νλλ€μ¦, Stack μ κ΄λ¦¬νκΈ° μν΄ CloudFormationμ μ΄μ©ν μ μλ€!
CloudFormation console
CdkWorkshopStackμ μ ννκ³ λ¦¬μμ€ νμ ν΄λ¦νλ©΄, μμ±ν μμμ 물리μ IDλ₯Ό νμΈν μ μλ€
물리μ ID νμΈνκΈ°
Last updated
Was this helpful?